Name: A.I. Security | A strategic guide to implementing security and risk controls
Start: 2023-12-05T13:00:00Z
End: 2023-12-05T13:00:13.000Z
Location: BrightTALK
Rating: 4.7

Software Improvement Group (SIG) helps organizations trust the technology they depend on. We’ve made it our mission to get software right for a healthier digital world by combining our intelligent technology with our human expertise to dig deep into the build quality of enterprise software and architecture - measuring, monitoring, and benchmarking it against the world’s largest software analysis database.

With SIG software assurance, organizations can surface the factors driving software total cost of ownership and make fact-based decisions to cut costs, reduce risk, speed time to market, and accelerate digital transformation.

Software Improvement Group is the first fully certified laboratory in the world to measure against the ISO 25010 standard. We make this lab accessible to our clients through our SaaS software assurance platform – Sigrid® – which enables them to take a risk-based approach to improve the health of their IT landscapes.

We serve clients spanning the globe in every industry, including DHL, Philips, ING, KLM, BTPN, Weltbild, KPN, and European governmental organizations.

SIG was founded in 2000 as an independent technology company with embedded consulting services. SIG is headquartered in Amsterdam, with offices in New York, Copenhagen, Brussels, Malmö and Frankfurt.

Learn more at www.softwareimprovementgroup.com.

If the quality of your software isn’t improving, you’re moving backward. Don't miss this opportunity to gain invaluable insights and strategies to elevate your software's resilience and efficiency.

In this virtual session, we will delve into Software Improvement Group (SIG)’s analysis of over 100 billion lines of code across 300+ technologies. You'll learn how this analysis can empower you to improve the business resilience of your critical software infrastructure.

Key Topics:

Uncover the Reality of Rapid Software Development: Explore the surge in popularity of low-code and no-code technologies designed to expedite software development for non-technical individuals. However, discover the hidden challenges as these systems can quickly spiral out of control, resulting in technical debt and architecture complexities that enterprises grapple with.

Bridging the Gap Between Architecture and Development Teams: SIG’s innovative Architecture Quality model. Learn how SIG’s innovative Architecture Quality model ensures seamless collaboration and a cohesive development approach.

Navigating New AI Realities: Delve into the world of (Generative) AI, the hottest technology trend. Understand its inherent quality concerns and gain insights into the subpar quality of AI and big data software. Discover why preemptive remediation is essential to safeguard your business operations.

Open-Source Vigilance: Think the world woke from its open-source-management slumber after Log4J? Think again. Unearth the persistent vulnerabilities of open-source software and the ongoing risks organizations face. Empower yourself with knowledge on safeguarding your digital assets.

Don't miss out on this exceptional opportunity to equip yourself with insights to make your software fit for future purpose.

The Current State of Software Quality and What it Means for You

In this brief introduction, we delve into the newly published ISO/IEC 5338 standard, a vital guide for organizations developing and managing AI systems. Released on December 20th, 2023, and led by the Software Improvement Group, this standard marks a significant milestone in standardizing AI system development, intertwining AI with traditional software lifecycle practices. It addresses critical areas such as risk management, quality assurance, and continuous validation, aiming to integrate AI as a professional software component rather than an isolated entity. ISO/IEC 5338 is designed to ensure better governance, accountability, and regulatory compliance, making it an essential tool for future-proofing organizations against the challenges of AI implementation. 

Discover how ISO/IEC 5338 can transform your organization's approach to AI, enhancing efficiency, security, and innovation in this blog post: https://www.softwareimprovementgroup.com/iso-5338-get-to-know-the-global-standard-on-ai-systems/

[New] ISO/IEC 5338: Global Standard for AI | 2 mins

Following the initial webinar on the Needs of Enterprise Architects, we are delving deeper into their pivotal role, seeing they’re influencing both technical organization and management. Following initial interviews, our process underwent strategic enhancements. But we didn't stop there. Engaging in an active feedback loop with Enterprise Architects, we learned 7 valuable lessons. 

Lesson 1: Enterprise Architects can bridge developer-manager gaps. Join us to unravel all 7 insightful lessons on the Enterprise Architect's role.

Revealing 7 Lessons Learned About the Role of Enterprise Architects

Everyone in the IT industry knows about enterprise architects, but what does this role actually entail? Do these people sit in their ivory tower all day, drafting draconian policies? 

As you can probably tell, the real answer is a lot more nuanced. In this 12-min session, we’ll talk about what we learned after interviewing 40 enterprise architects: what are their top concerns, what do they see as their challenges, what are they most proud of, and how do they stay up to date.

The Needs of Enterprise Architects

No matter what part of the deal cycle you’re in, a digital surprise can have a catastrophic impact on a business’s financial position. But how do you know whether the software quality and security is a red flag, good enough, or would support significant value creation?

Jasper Geurts, VP of SIG Americas, will cover: 
• How to avoid the black hole of technical debt.
• How to evaluate whether technology add-ons and carve-outs are viable.
• Why code-level due diligence is critical for getting your investment thesis right.
• The risks associated with target companies using AI.

How to Assess Software and AI Risks in Tech Investments

We are thrilled to present the 2023 SIG Benchmark Report, the annually published research that empowers digital leaders, IT professionals, and software enthusiasts to build future-fit software that businesses can rely on.

SIG’s research team delved into the SIG software analysis database containing 100+ billion lines of code, across 300+ languages, and conducted over 12,000 enterprise software inspections and uncovered some worrying trends.

KEY TAKEAWAYS
*Learn from the latest software build quality trends worldwide and what this means for your business
*Understand why you need to include Architecture Quality in your day-to-day business to reduce costs, risks and development slowdowns
*Get informed on the poor quality of AI and Big Data software, and find out how to remediate
*Discover the latest insights on vulnerable open source, and how to close the door on those vulnerabilities once and for all 
*Uncover how to close the alarming skills gap between IT professionals

The Global State of Software 2023

With the rise of AI, organizations are faced with unprecedented security risks for their AI systems and their AI engineering. Rob van der Veer, Senior AI,  Security and Privacy Director and trusted EU Advisor, shares how to implement rigorous security protocols in the world of AI engineering.

A.I. Security: A guide to implementing security and risk controls in AI

Redefining IT Due Diligence: Mature your M&A Process for Better Value Creation with Forrester Research

Digitalization is changing the dynamics of M&A transactions. Even when software isn’t central to a deal it can still provide significant value with the right due diligence and post-merger integration. Jasper Geurts, Director of US Consulting at SIG, and featured guest Bobby Cameron, Vice President and Principal Analyst at Forrester Research, discuss the key strategic questions that must be addressed to maximize value throughout the digital deal lifecycle.

Key Takeaways
* Does the technical roadmap align with your strategic objectives?
* Is the IP legitimate and protected?
* Is the software free of security, privacy, IP, and maintenance risks?
* Will the software integrate seamlessly into your current infrastructure?
* Can it scale to meet your growth targets?

IT DD: De-risk acquisitions and accelerate value creation with Forrester

How can organizations trust the changes they want to make and avoid higher costs or operational disruptions? 

In 10 minutes, Delivery Director at SIG, Ravish Gopal, will take you through a practical example of how leadership can get transparency into both the technical reality and soft skills of the software development teams. With this information and level of visibility, only then can you trust your modernization efforts and be in complete control of the process.

Architecture Quality: Incremental Modernization (10 min)

Technical debt is costing you more than you think. Taking shortcuts on software projects ultimately drives up maintenance costs, as developers spend more time keeping the application up and running - instead of building new features. In this webinar recording, we share two key actions to break the cycle. 

You’ll come away with a deeper understanding of:
* Why you can actually ignore the bulk of technical debt
* Why technical debt investment decisions should be based on attractive business cases — and how to create them using Sigrid®, the SIG software assurance platform
* How to focus your payoff efforts for the highest return and proactively prevent new debt

Technical debt is killing your IT budget

This year we released the fourth annual SIG Benchmark Report, a comprehensive look at the data & trends shaping the software industry, based on 70 billion lines of code across 300+ technologies.

KEY TAKEAWAYS:
* Learn from the latest software build quality trends across the enterprise software industry and what this means for your business
* Understand why we are in a state of emergency when it comes to open-source software
* Discover what threatens your organization's critical software supply chains
* Get a crash course on the key factors that correlate with third-party software vulnerabilities and how to identify them fast!
* Access to solutions to rapidly fix software supply chain issues in advance of reading about them in the news

The State of Software Report 2022

How do organizations remain agile and guarantee future fit without being slowed down by technical debt? When IT leaders can rationalize technology portfolios they can take back control and drive innovation. Discover how technology executives can enable organizations to move fast and creatively while also being resilient.

Key Takeaways
* Understand the different types of technical debt
* Best practices to rationalize technology portfolios
* How to prioritize technical debt that is aligned with business objectives
* Take control of technical debt and increase agility

Managing technical debt in a systematic way

As data collection and analysis become increasingly central to business, research, and governance, protecting sensitive information is more crucial than ever. This session will examine the privacy, ethical, and security challenges involved in analyzing sensitive data such as personal health records, financial information, and other confidential datasets. 

Key questions to be addressed include: 
- How can sensitive data be ethically and responsibly analyzed while still protecting individual privacy? 
- What technical and policy safeguards are essential when working with sensitive data? 
- How can risks related to re-identification, unauthorized access, and data leakage be mitigated? 
 
This talk presented industry thought leader Donald Farmer will review best practices and frameworks for enabling secure and ethical data analysis across various industries and applications. Expert perspectives on navigating emerging regulations, managing tradeoffs, and aligning analytical objectives with privacy values will be discussed. Attendees will gain critical insights into analyzing sensitive data securely while upholding public trust and mitigating risks.

Analyzing Sensitive Data: Privacy, Ethics, and Security Considerations

The US data privacy laws in the US are shifting from a "harms-prevention-based" approach to a "rights-based approach exemplified by the European Union's General Data Protection Regulation (GDPR). Following California's lead, four other states, including Colorado, Connecticut, Utah, and Virginia, will begin enforcing new GDPR-inspired statutes in 2023. The shift in the philosophical framework will have profound implications for data privacy protection.

The US has historically allowed businesses and institutions to collect personal information without consent while regulating those uses to prevent or mitigate harm in specific sectors. The EU, on the other hand, has long pursued a rights-based regime for protecting personal information, which holds that data privacy is a fundamental human right. This has roots in Europe's history of suffering through the infamous data collection of the Nazis and the similar collection of data by the formerly communist East Germany's secret police. The GDPR, which became enforceable in 2018, codified several key principles reflecting the Europeans' human rights philosophy. The new laws will be applicable to specific industries and types of institutions and will impose restrictions on industries and institutions regarding their handling of personal information. More states are likely to follow the GDPR in the coming years.

This webinar entails to:
- Introduce the market drivers of the US privacy laws industry and their roles.
- Illustrate the shift in the philosophy underlying data privacy laws in the US.
- Comparison of the US "harms-prevention-based" approach vs the European Union's approach is more rights-based.
- Summary of the EU ‘s General Data Protection Regulation (GDPR), which became enforceable in 2018.
- Understanding how the principles reflected in the new data privacy framework will have profound implications in the years to come.

The New Era of Data Privacy Laws

The difficulties of securing data in cloud-native applications are many, for example:
• There exists a proliferation of data islands, complicating the creation of a unified cloud security view;
• As microservices are created, evolved, and removed, those islands can remain unused—yet still pose a risk to you;
• Propagation and caching of sensitive data between microservices can result in compliance blindness.

That’s not to mention the variety of data storage formats with which IT pros must contend and protect (such as file, object, block, and SQL). Let’s hit the reset button, shall we?

Join us in this Fireside Chat at the Data Security Risks and Challenges BrightTALK Summit to discover 5 principles—based on the basics—with which you can improve cloud-native app security and to see how CNAPP solutions are making a real difference. Tim Miller, Technical Marketing Engineer at Outshift by Cisco joins the discussion with Enterprise Strategy Group analysts.

Securing Your Data in a Cloud-Native Application World

Companies need to understand “wicked” problems, and the best way to navigate the organization during periods of uncertainty.

Companies should ask themselves how speedy their response be to a data security incident, when escalating to the senior leadership team, more so when it is an extortion and/or ransomware attack that involves critical data sets.

Tune into this session presented by disaster recovery and cyber resilience expert Steve Yates as he brings to light the crisis management options for those scary technology moments for when super speedy decisions are needed (or are they)?

By the end of the session, you will be able to:
- Be aware of data security incident management processes and procedures. 
- Form an understanding of the need for having a plan (runbooks/playbooks) and agreed crisis escalation process.
- Be conversant with a joined-up thinking approach when reviewing technology incident management that is “fit-for-purpose”.

Data Security Incident Management: What Keeps You Awake At Night? Part 3

In IDC’s recent survey (Data Loss Prevention Survey, sponsored by Forcepoint, October 2023), 80% of customers indicated they are synching their DLP policies across endpoint, cloud applications (CASB), and web traffic (SWG) but they find it extremely time consuming and resource intensive. Given the option, even more (85%) would choose a single DLP solution that they could manage across endpoint, CASB, and SWG channels.

In this webinar, Frank Dickson, IDC Group Vice President and Jim Fulton, Vice President, Product Marketing show how 31% productivity gains can be achieved as well as cost and time savings by moving to a single DLP solution across endpoint, cloud, and web applications.

Join this session to learn how Forcepoint can solve this problem for you with Data Security Everywhere.

1: IDC’s recent survey (Data Loss Prevention Survey, sponsored by Forcepoint, October 2023, US51335023

Unified DLP Revolution: IDC Unveils Game-Changing Solutions

Data, your most important asset, is growing at a breakneck pace and must be accessible to be useful in today’s business. How do we enable agility and innovation while enabling the necessary security controls? Gaining visibility into your data, where it resides, and who has access can help you proactively limit the scope and impact of a cyber attack. Join our industry experts as they discuss strategies and best practices for a proactive approach to data security.

Make sure to take a look at the attachments as well - we've added extra learnings on how to optimise data protection and provided you with additional resources to help set you up for success.

Strategies and Best Practices for Proactive Data Security

Join the BrightTALK Summits webinar addressing Data Security Risks and Challenges!

Say farewell to the era of weak passwords vulnerable to modern threats. Safeguarding your Active Directory necessitates a robust password policy. Native Windows tools often fall short in tackling today's security challenges and complex compliance requirements. The struggle is real, isn't it?

Introducing the game-changers: Netwrix Password Policy Enforcer and Netwrix Password Secure. Brace yourself for password enforcement that's not only powerful but also incredibly user-friendly. Bid farewell to the headaches and embrace rock-solid security. Your Active Directory will thank you!

Watch this session to discover how to:

- Set up a robust and user-friendly password policy for your Active Directory.
- Prevent the use of weak passwords by customizing dictionaries and cross-referencing against the HIBP database of compromised passwords.
- Simplify password compliance with pre-defined policy templates.
- Enforce the generation of passwords that meet policy requirements.
- Ensure secure password sharing among your employees.

Securing Your Active Directory: The Power of a Resilient Password Policy

The International Standards Organization’s ISO 27701 privacy information management standard is a framework that covers both security and privacy compliance aspects of various privacy regulations around the world. As a certified ISO 27701 Lead Auditor, Ralph Villanueva is more than happy to help the audience and their organizations resolve their data privacy risks and issues by pointing out how to use this very useful framework. 

Tune into this informative talk to learn the benefits of this new frameworks and how to make the best use of it. Even better, this framework will make enterprise-wide privacy compliance more cost effective across geographic locations, and add more value to the audience’s privacy work within the company as well.

How to Leverage ISO 27701 to Fulfill Data Privacy and Compliance Requirements

Staying ahead in the dynamic landscape of data privacy and compliance is not just a necessity but a strategic advantage in order to stay compliant and gain trust from your customers. As we approach 2024, several key trends are emerging that will reshape your understanding of and methodology to these crucial areas. 

Our live talk, on December 5 at 2 pm ET, led by Gary Brickhouse, CISO along with Dan Mengel, Practice Director, Compliance and Jason Eddinger, Senior Security Consultant, Data Privacy will discuss these pivotal shifts that will significantly impact your strategy heading into 2024.

Register today.

Navigating Compliance and Data Privacy Trends Into 2024

There is no shortage of privacy laws and regulations. We keep hearing that the latest privacy laws “will change everything”, but have they made a real difference? This session proposes an alternative approach. Privacy can be treated as an attribute of personally identifiable information and can be managed using data management techniques. Rather than building privacy programs on compliance with laws, it may be more productive to manage the data itself.  

Key takeaways include:
1.      Why and how data privacy has been managed in recent years.
2.      How the compliance-based approach to privacy has shaped organizational approaches to the issue.
3.      How data management principles can offer a different, and perhaps better, way for managing privacy.
4.      How a data management approach would alter organizational structures.

Have We Been Doing Data Privacy The Right Way?

In an era where artificial intelligence (AI) is transforming industries and reshaping the way we live and work, striking the delicate balance between innovation and data privacy compliance is paramount. This session delves into the evolving landscape of AI, discussing how businesses can harness its power while safeguarding sensitive data and adhering to privacy regulations. Explore the challenges, ethical considerations, and strategies that are shaping the future of AI in a privacy-conscious world.

In this session, you will: 
1. Recognize how AI is reshaping industries and business operations, presenting exciting opportunities for innovation.
2. Understand the increasing concern regarding data privacy as AI systems rely on vast amounts of personal and sensitive information.
3. Gain insights into navigating the complex regulatory landscape, including GDPR and CCPA, to ensure compliance in AI projects. 
4. Explore ethical concerns such as bias, fairness, and transparency in AI development and their intersection with data privacy.
5. Learn about strategies and best practices for maintaining a balance between AI innovation and data privacy, building trust with consumers, and staying compliant.

Data Privacy and the Future of AI: Balancing Innovation and Compliance

Data Security Risks and Challenges

With the explosion in AI, organizations need to be mindful of the security risks that this cutting-edge technology can bring. Rob Van de Veer, Senior Security Director and Trusted EU Advisor, shares how to implement rigorous security protocols in the world of AI engineering, AI lifecycle management, AI models, and privacy controls.

A.I. Security | A strategic guide to implementing security and risk controls

Artificial Intelligence

Application Security

IT Security

Software Delivery

Software Development

Application Development

Enterprise Applications

Application Lifecycle Management

Privacy

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

A.I. Security | A strategic guide to implementing security and risk controls

Presented by

About this talk

Software Improvement Group